Security Basics mailing list archives

Re: urlsnarf woes


From: "Marcello 'R.D.O.' Magnifico" <rdo-lists () yashima dyndns-server com>
Date: Wed, 7 Sep 2011 18:22:53 +0200

 am I missing something more obvious?

Perhaps the problem can be just avoided.

Assuming that you're using some flavor of Linux, you could try and
set up a logical interface (i.e. eth0.10 for VLAN #10), a tagged
one, on top of a physical one; then, have another sniffer process
reading from it. That way, the kernel's network layer is expected to
strip away the tag from the top of the ethernet frame: the other sniffer
program shall see the incoming traffic as untagged, then decode it
properly. I guess you aren't required to set up an IP on the
logical interface in order to have a foot in the right VLAN; the setup
instructions, in order to do so, could be more/less fast/easy
depending on the Linux distribution you're on. For sure, Red Hat Linux
and its siblings/derivatives do that with just another configuration
file for the new logical interface.

The bad about such a solution, apart from forking a potentially high
number of processes, have a potentially high number of logical
interfaces to tap on and have no assurance that you can shut down
something at a given time without losing new data, is that you need to
know in advance which 802.11Q VLAN numbers are in use. This is not such
an issue if you are the network manager and/or the VLAN allocation is
properly planned. Obviously, if you are asked to secure an undocumented
network, you can't count on anything but the data running through it.

If another sniffer could tell you just the VLAN tag numbers, a
bash/perl/whatever script of yours might parse its output in real time,
in order to fire up as many other interfaces+sniffers you need.


        best regards
        Marcello Magnifico


On Wed, 7 Sep 2011 11:47:54 +0100
Bog Witch <iambogwitch () gmail com> wrote:

Hi All,

I have used urlsnarf to good effect in previous organisations. I am
currently running a full capture of the external interface where I
currently work, dsniff is providing good results, along with mailsnarf;
however, urlsnarf is not providing me with any output. The only thing I
can distinguish between this traffic and traffic that provides a
urlsnarf output is that the failing traffic is VLAN tagged.

Is it possible to manipulate urlsnarf to ignore the VLAN tag in order
for me to capture URLs, is there a newer, VLAN aware tool I could be
using or am I missing something more obvious?

Thanks,

Bog
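
The idea in the last paragraph of the reply (learn the VLAN IDs from one sniffer, then start a sniffer per VLAN sub-interface), as an added example that is not part of the original thread. It assumes `tcpdump -e` output as the ID source and a parent interface named eth0; the function names and the DRY_RUN switch are inventions of this sketch.

```bash
#!/bin/sh
# Added example: discover VLAN IDs from sniffer output, then start one urlsnarf
# per VLAN sub-interface. Function names and DRY_RUN are assumptions of this sketch.

# Read `tcpdump -e -n -l` lines on stdin; print each VLAN ID once, as first seen.
extract_vlan_ids() {
    awk '{
        for (i = 1; i < NF; i++) {
            if ($i != "vlan") continue
            id = $(i + 1); sub(/,$/, "", id)
            n = id + 0   # force a numeric comparison below
            # Accept only valid 802.1Q IDs (1-4094) that were not seen before.
            if (id ~ /^[0-9]+$/ && n >= 1 && n <= 4094 && !seen[n]++) {
                print n; fflush()
            }
            break        # outer tag only; a stacked inner tag is ignored
        }
    }'
}

# For each VLAN ID on stdin, create PARENT.ID (no IP address) and sniff on it.
# With DRY_RUN=1 (the default) the commands are printed instead of executed.
spawn_sniffers() {
    parent=$1
    while read -r id; do
        dev="$parent.$id"
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "ip link add link $parent name $dev type vlan id $id"
            echo "ip link set dev $dev up"
            echo "urlsnarf -n -i $dev"
        else
            ip link add link "$parent" name "$dev" type vlan id "$id" &&
            ip link set dev "$dev" up &&
            urlsnarf -n -i "$dev" >"urlsnarf-$dev.log" 2>&1 &
        fi
    done
}

# Constructed sample of tcpdump -e output (addresses are documentation ranges).
sample_lines() {
    cat <<'EOF'
12:00:00.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype 802.1Q (0x8100), length 78: vlan 10, p 0, ethertype IPv4, 192.0.2.10.40000 > 198.51.100.5.80: Flags [S], length 0
12:00:00.000002 00:11:22:33:44:56 > 66:77:88:99:aa:bb, ethertype 802.1Q (0x8100), length 78: vlan 20, p 0, ethertype IPv4, 192.0.2.11.40001 > 198.51.100.5.80: Flags [S], length 0
12:00:00.000003 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype 802.1Q (0x8100), length 70: vlan 10, p 0, ethertype IPv4, 192.0.2.10.40000 > 198.51.100.5.80: Flags [.], length 0
EOF
}

# Dry run on the sample. Live use, as root, after setting DRY_RUN=0:
#   tcpdump -e -n -l -i eth0 vlan | extract_vlan_ids | spawn_sniffers eth0
sample_lines | extract_vlan_ids | spawn_sniffers eth0
```

Each sub-interface and urlsnarf process stays up until removed by hand, which is the process and interface sprawl the reply warns about.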
